Re: VIA/ACE PadLock integration with crypto(9).

From: Mike Tancsa <mike_at_sentex.net>
Date: Sat, 13 Aug 2005 02:14:09 -0400
At 01:45 AM 13/08/2005, Mike Tancsa wrote:

>Is there something else that needs to be done to tell crypto(4) or 
>FAST_IPSEC to use the "hardware" in this case ?

Ok, figures, just after I post, I sort it out.

This looks MUCH better now

[  4] local 10.99.98.1 port 5001 connected with 192.168.43.34 port 61679
[  4]  0.0-10.0 sec  95.6 MBytes  80.2 Mbits/sec
[  4] local 10.99.98.1 port 5001 connected with 192.168.43.34 port 62819
[  4]  0.0-10.0 sec  95.9 MBytes  80.4 Mbits/sec

kldload /padlock.ko
sysctl -w net.inet.ipsec.crypto_support=1
clear the existing association (i.e. setkey -F;setkey -FP) and add it back
and the speeds are blazing fast!


The only reference I could find to this kernel mib was a posting by 
Sam long ago

http://groups.google.ca/group/mailing.freebsd.stable/browse_frm/thread/f3f140e615d9ca62/31935038340cc323?lnk=st&q=fast_ipsec+net.inet.ipsec.crypto_support&rnum=5&hl=en#31935038340cc323

net.inet.ipsec.crypto_support sysctl: set it -1 to get s/w only, 1 for h/w
only, or 0 (default) to take the best available crypto support.

Perhaps it would be good to add it to the FAST_IPSEC man page ?


# iperf -c 10.99.98.1 -n 1600M
------------------------------------------------------------
Client connecting to 10.99.98.1, TCP port 5001
TCP window size: 32.5 KByte (default)
------------------------------------------------------------
[  3] local 192.168.43.34 port 60429 connected with 10.99.98.1 port 5001
[  3]  0.0-164.2 sec  1.56 GBytes  81.8 Mbits/sec


 From the client itself, the results are pretty good as well!

[itx-vpn]# iperf -c 10.99.98.1 -B 192.168.43.185
------------------------------------------------------------
Client connecting to 10.99.98.1, TCP port 5001
Binding to local address 192.168.43.185
TCP window size: 32.5 KByte (default)
------------------------------------------------------------
[  3] local 192.168.43.185 port 57584 connected with 10.99.98.1 port 5001
[  3]  0.0-10.0 sec  41.8 MBytes  35.1 Mbits/sec
[itx-vpn]# sysctl -w net.inet.ipsec.crypto_support=1
net.inet.ipsec.crypto_support: 0 -> 1
[itx-vpn]# sh test-128.sh start
[itx-vpn]#
[itx-vpn]# iperf -c 10.99.98.1 -B 192.168.43.185
------------------------------------------------------------
Client connecting to 10.99.98.1, TCP port 5001
Binding to local address 192.168.43.185
TCP window size: 32.5 KByte (default)
------------------------------------------------------------
[  3] local 192.168.43.185 port 5001 connected with 10.99.98.1 port 5001
[  3]  0.0-10.0 sec    107 MBytes  89.8 Mbits/sec
[itx-vpn]#

         ---Mike
Received on Sat Aug 13 2005 - 04:14:45 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:41 UTC